FINAL WORD
Cyberattackers are aware of this fact, so it
is easy to hide malicious activities in an
application layer to pass it through security
defences towards the targeted services or
machines. The end service will then decrypt
the traffic without prior inspection. This is a
risky scenario, isn’t it?
Hesham Elsherif, Principal System Engineer
at A10 Networks
between different security reports and
analyses. This helps to establish a vision, but
before that the CISO has to ensure that vision
is comprehensive and that an assessment
is built based on accurate reports and
measured analysis. Without proper traffic
visibility this will be an unachievable mission.
How crucial is network visibility in
preventing attacks and how difficult
is this to achieve?
None of the above will be achieved without
traffic visibility (ingress and egress). Visibility
at each and every level is mandatory in order
to activate the security devices. Visibility is
not a nice-to-have, it is critical. And I always
advise our partners to consider it as a top
priority. Otherwise reporting and analysis will
be meaningless.
Also, it is very important to realise
that visibility does not mean violating
confidentiality – ensuring compliance with
privacy standards should not conflict with
visibility and this is achievable.
How does A10 Networks’ Thunder
SSLi product help to eliminate the
blind spot?
'Blind spot' is a term that describes
the situation when security devices cannot
inspect the actual data or application
layer due to encryption. Once the client/server
exchanges the TLS certificate and
key during the TCP handshake, the traffic
will be encrypted, thus there will be no
way to intercept the traffic and inspect it.
INTELLIGENTCIO
The A10 Networks Thunder SSLi solution
helps to eliminate blind spots by intercepting
the client/server TLS negotiation as full proxy
and maintaining two separate sessions, one
session with the client’s side and the other
one with the server’s side. In between, A10
Thunder SSLi will feed the security devices
intelligently with clear text traffic. After the
security device finishes the inspection and
forwards the traffic, A10 Thunder SSLi will
encrypt the traffic again before forwarding it
to the original destination.
How does the product help to make
the lives of CISOs easier?
Deploying our SSLi solution and forwarding
the traffic to many inline and non-inline
security devices eliminates the decryption
overhead of each security device.
This improves performance while
maintaining proper security diligence,
enhancing the user’s experience and saving
costs by eliminating the need to purchase
bigger security devices just to support
resource-intensive decryption and encryption
functions. This will help CISOs achieve the
next level of securing the infrastructure
by fine-tuning the security policies and
configurations on security devices based on
the visibility obtained and the control gained
by eliminating the blind spot.
The A10 Thunder SSLi solution not only
provides visibility of the traffic to security
devices, but it also sends logs and can mirror
the traffic for the SIEM and logging solution
and forensic analysis tools, allowing CISOs to
keep historical logs and events in a readable
format. Moreover, A10 Networks can support
the ICAP protocol to feed and activate the
DPI and AV solutions.
What are the other features CISOs
can leverage from Thunder SSLi?
Many built-in features come with Thunder
SSLi. Application Access Management
(AAM), URL filtering and application visibility
come at the top of the list. AAM enables us to
integrate with AAA servers to apply policies
and track activities per user, while URL
filtering helps to ensure compliance with
privacy standards, so we can bypass SSLi for
specific categories like finance or health, for
instance. Last but not least is application
visibility, where we can identify and classify
the applications even without decryption
based on the protocol ID and apply policies,
such as blocking WhatsApp, or we may allow
Facebook but block chatting on Facebook,
for example.
We can go further than that and deploy a
full secure web gateway with transparent
or explicit proxy setup and use the
aforementioned features.
What would you say to CISOs who
might consider Thunder SSLi a
complex solution to deploy?
A10 Networks has introduced a built-in
application template to deploy more than
15 applications in all new ACOS releases.
SSLi provides a wizard to enable any feature
the security team wants to employ. Later
on, editing or modifying the configurations
using the same built-in template is possible.
Furthermore, Thunder SSLi provides a
detailed dashboard where the security team
can monitor the performance and report any
issue instantly.
A10 Networks supports all deployment
modes such as Layer 2 or Layer 3 or even
fully transparent, and security devices can
also be transparent or Layer 2 or Layer 3. It
is worth mentioning that A10 Networks also
supports multi-tenancy to divide the same
Thunder instance into isolated partitions to
cover multiple segments on the network.
www.intelligentcio.com